What to consider when evaluating a company’s cybersecurity system
Maintaining top-notch cybersecurity systems to protect a company’s most critical IT and digital infrastructure and data is a given in the Granite State and everywhere else. But the real question is: What are the best ways for businesses to approach this issue, and what do they need to consider the most when evaluating their existing cybersecurity system or any potential new cybersecurity solutions? We sought some answers from Trusted Internet of New Boston, a firm that specializes in providing cybersecurity solutions.
Jeff Stutzman, President and Founder, Trusted Internet LLC, trustedinternet.io
Q: How should CEOs be thinking about cybersecurity?
A: CEOs and business owners worry about cash flow first, and then being hacked. CEOs (I’m one too) think like this:
Is my company safe? I hope my company stays safe! I hate writing checks for things that don’t make money.
How do I keep my cybersecurity spend down but still be safe?
Have I been hacked already but don’t know? What do I have to do to stay out of the news? How do I maximize my investment without going broke?
Here’s the truth in this: Many companies, if asked, can’t tell where every computer, phone or pad is found, and, worse, if an unauthorized computer is accessing their network planning an attack or executing ransomware. Bring your own devices, personal cellphones and blurred connectivity between corporate, guest and non-corporate computing are making it very hard to keep a company safe. We must have visibility to be able to correlate devices and users on a network and protect against the unauthorized.
Q: So how do we do that?
A: Let me put this in a different perspective.
In the past, if I wanted an EKG, I’d have to make an appointment with my primary care. Today, I can take it on a watch. Sleep habits? Pulse Ox and O2 sat? Heartbeat and steps? Exercise and calorie burn? It’s all there. “Data Lover” is on the Garmin marketplace. I downloaded it for free, installed it on my watch, and now I can see every vital sign I would like to be able to see all in one pane of glass.
Cybersecurity is no different, but it requires keeping up with what’s happening on your network. The types and amount of data available to our information security teams are staggering compared to years past. Yet as the data changes with every new attack, the security tools that we’ve relied on for so long remain relatively static. Firewalls, intrusion prevention systems, antivirus and authentication tools are the primary sources of information security data that get presented to our security operations teams, usually through an expensive, complex and labor-intensive Security Information and Event Manager (SIEM). At best, analytically curious security operators will often end up manually threat-hunting through hundreds of gigabytes of data, using their eyeballs, know-how and common sense, searching for indicators of compromise. The result? Missed events/incidents, data losses, ransomware and security operator burnout. In a smaller company, this could mean extinction.
Q: That sounds like a bad model. How do we fix that?
A: Trusted Internet’s entire business model is to use experienced security operators augmented by machine learning and AI-driven algorithmic correlation systems. We push hundreds of gigabytes of data per day from dozens of sources in your environment into an 88-core, 20-terabyte server. The system is housed in our secure facility in Iron Mountain Datacenter, where the machine correlates the data, establishes patterns of life and work at the speed of the machine to find abnormalities, finding at-risk computers, intrusion attempts and anomalous behaviors, and responds accordingly.
Q: What does that look like?
A: Trusted Internet has integrations for over 200 security vendors, every operating system log, cloud logging, anti-ransomware, container logs, authentication, behavioral analysis and even physical security systems. It’s “Data Lover” for cybersecurity. We want to see 100 percent of what’s happening on your network in real time.
By combining so many authoritative sources into one data lake, analyzed by an AI-driven engine, Trusted Internet analysts can quickly validate findings of the machine, protecting your networks, computers and data from ransomware, malware, and a whole lot more — all in near-real time, at a fraction of the price of building it on your own.
Shorter response times mean lower incident response costs: Incident Response costs can be prohibitively expensive. One ransomware could cripple or even kill your company.
Reduced cyber insurance premiums: Insurance companies love our system. One of our clients recently (late fall 2022) underwent an insurance audit of how we protect their networks. The result? Better deductibles, and their cyber insurance premiums dropped from nearly $500,000 to $100,000.
Q: How much does all this cost? It’s got to be expensive!
A: Here’s the math: In a 24/7 operation, your hardest expense to control is labor. You need smart people who can be awake and sharp at 2 a.m. You need experienced people to qualify what they’re seeing; and most of the experienced people are WAY beyond working the night shift. And then you’ll have to deal with turnover, sleepiness and burnout.
Let’s assume that you’re willing to take some risk, and not have a 24/7 security operation but do want to be sure you have eyes on the ball. As the employer, you should expect to pay at least $100,000 per year to hire one in-house security person (not necessarily an expert, but good), plus their social security and benefits. You will buy them a laptop and a company phone. Then, that person will ask for funding for firewalls, endpoints, aggregation tools and more. The numbers add up quickly.
Suppose instead, you hire Trusted Internet on a small business bundle for $3,900/month ($46,800/year): You’ll get an expert Virtual CISOs™ and SOC teams complete with a master’s degree and necessary certifications.
You’ll have full service 24/7 protection from ransomware, malware and hackers. We work round the clock.
We never take a vacation or call in sick. And we don’t need your health insurance or benefits.
And you don’t have to pay our Social Security. As a Managed XDR company, we bring in an expert team, running expert FortiGate tools and fighting AI-generated attacks with AI-defenses — all in one pane of glass. Hire us, or use our infrastructure to do it yourself.
Shared services are always a better value for a small or medium-sized company. Businesses can’t hire this kind of talent and keep them happy and fed. Tech comes with the package, as does 24/7 monitoring, for half the price of one cybersecurity FTE. The math is easy.